This map shows China’s cyber invasion of the U.S. is well underway

The Chinese government’s ongoing cyber assault on American companies and government entities is a bit of an open secret, but the extent of the alleged campaign has been little understood because victims are reluctant to admit their computer systems have been compromised.

On Thursday, NBC News published a map, obtained by the National Security Administration, that should help further the public’s understanding of the scope of the Chinese cyber invasion of U.S. public and private entities.

The map, which was prepared by the NSA in February 2014, reportedly shows more than 600 successful attempts “to steal corporate and military secrets and data about America’s critical infrastructure, particularly the electrical power and telecommunications and internet backbone.” Each dot represents and individual attack.

According to NBC News:

The prizes that China pilfered during its “intrusions” included everything from specifications for hybrid cars to formulas for pharmaceutical products to details about U.S. military and civilian air traffic control systems, according to intelligence sources.

In response to a two-year-old petition on the White House’s “We the People” site, Lisa Monaco, President Obama’s advisor on Homeland Security and Counterterrorism, said basically that Snowden should come home and face the music.

If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and — importantly — accept the consequences of his actions. He should come home to the United States, and be judged by a jury of his peers — not hide behind the cover of an authoritarian regime. Right now, he’s running away from the consequences of his actions.

The “Pardon Edward Snowden” petition, filed June 9, 2013, called Snowden a national hero, and garnered 167.954 signatures.

Snowden’s actions—collecting and selectively leaking classified documents on the NSA’s data collection actions—shocked the world and put the U.S. at odds with some key allies when it became known that it was spying on them as well as on enemies. The disclosures caused some, like the petitioners, to call Snowden a heroic whistle blower, while others denounced him for treason.

This spooky typeface automatically redacts NSA trigger words

Have you ever had the sensation that someone—or something—is looking over your shoulder? It’s eerie, disconcerting.

That’s the feeling “Project Seen“ is designed to evoke. The new typeface, created by Slovenian artist Emil Kozole, automatically parses the words you type and strikes through potentially sensitive ones.

What causes a word to be stricken? The redaction list draws from a catalogue of words that supposedly trip the snoop alarms. “These words are part of an NSAPrismdatabase of terms originally leaked by Edward Snowden in 2013 that are used like a surveillance scoring system by government spy agencies,” says Fast Company.

In any case, Kozole’s font is an art project. And any phrase that might—according to the logic of the so-called “spookwords“—be deemed suspicious to an NSA analyst, or NSA algorithm for that matter, gets crossed out. Like NSA, for instance.

“This system highlights where you are potentially prone to being surveilled whilst also preventing you from potentially being tracked,” Kozolewrites on his blog. “Seen is an experiment of evasive and reflexive techniques around the topic of online privacy.”

Surveillance and the Internet are, no doubt, inextricably linked. As crypto expert and author Bruce Schneier will tell you, the former is the business model of the latter. The threat to privacy is real. Whether that be some big tech company parsing and logging your email communications for terms to advertise against, or some government agency such as the NSA piggybacking on those databases to gather intelligence.

Think you’re too normal to be the subject of scrutiny? As long as you don’t go fedexing cyanidepackages of cyberpunkIlluminati to redheads in Texas? Not so. As the artist Kozoletells Business Insider: “I still wanted to show and educate people on how ‘normal’ words we use in our online conversations on Facebook, emails or search queries on Google are all stored and could potentially get you in trouble.”

For that reason, the author has opted to retain all instances where the “Project Seen” typeface would typographically shish kabob his text.

It is, as aforementioned, unsettling to have a ghostly censor embedded in the very medium through which one writes. A bowdlerizing phantom probing your every keypunch. It’s spooky—in all senses of the word.

Exclusive: cybersecurity startup RedOwl raises $17 million series b

Sure, Guy Filippelli did a stint with the National Security Agency. As a member of that spy team, he helped re-architect how the agency disseminated intelligence to military officers. But that’s not where Filippelli cut his teeth.

“Actually, the army was much more formative for me,” the CEO and founder of cybersecurity startup RedOwl tells Fortune. In late 2001, Filippelli, by then a West Point grad with experience in computer science, had been gearing up for the United States’ post-9/11 invasion of Afghanistan. The military’s intelligence apparatus was technologically lacking at the time, he says, and so the top brass selected a few young army officers to run software engineering teams, to boost officers’ decision-making capabilities. That’s when Filippelli got his start.

“In the army, nobody is gathering intelligence just to gather intelligence,” he says, hinting at an essential difference between the missions of his former employers. “An army intelligence team’s goal is to quickly get data together and to turn that into information that can be actioned in support of a decision on the battlefield.” The job entails gathering relevant details quickly, correctly, and serving them up to the leaders devising strategies. During conflict, lives depend on it.

Today, Filippelli is applying that insight at RedOwl, a cloud-based behavioral analytics software company he founded in 2011 after leaving the public sector. The Baltimore, Md.-based firm specializes in bringing together disparate streams of data within an organization. They could include activity on the IT network, email exchanges, and other sources of data, in order to help companies mitigate insider risk—which could manifest as a rogue, sloppy, or compromised employee, for example.

On Monday, RedOwl will announce that is has raised a $17 million Series B round of funding, bringing total funding to nearly $30 million so far. Participants in the latest round include Allegis Capital, a venture capital firm, which led the raise, as well as Blackstone Group BX, the private equity firm, and angel investor Marc Benioff, the founder and CEO of sales-tool giant Salesforce CRM. The company already has a relationship with In-Q-Tel, the venture capital arm of the Central Intelligence Agency.

Soon after contractor and whistleblower Edward Snowden leaked a trove of NSA internal documents in 2013, Filippelli says that RedOwl’s appeal leaped from a “nice to have” to a “need to have” among potential customers. The company’s flagship product, “reveal,” monitors users, spots anomalies, predicts malfeasance, and gives the operators a chance to stop data heists before they happen.

Post-Snowden, network custodians began to consider blocking compromises from within just as important as preventing external attacks. Information security specialists became suddenly introspective. Their newly heightened fears no doubt helped RedOwl to win the “most innovative company” award at the 2014 RSA Conference, one of the world’s biggest information security confabs.

“Statistics show that between 70-and-80% of cyber breaches have an internal component to them,” says Robert Ackerman, the lead investor at Allegis Capital and newly added board member at RedOwl, as he details his reasoning behind the investment. “All of a sudden, people have come to realize the critical need to understand what’s going on inside their networks.”

That threat is real. According to a 2015 insider threat report from Vormetric, 89% of the 800 business and IT managers surveyed by the San Jose, Calif.-based data security firm reported feeling that their organizations are vulnerable to insider attacks. Indeed, more than a third of the respondents said they felt “extremely vulnerable.”

Jay Leek, Blackstone’s chief information security officer and a RedOwl board member since April, sings the company’s praises. On a call with Fortune, the customer-turned-investor says he spent 11 months reviewing 15 companies with similar cybersecurity offerings last year before giving RedOwl his endorsement. (He declined to name the other companies.)

RedOwl stole the show, he says. The tool “gives you the full context and allows you to pivot and investigate quickly,” he waxes. Other tools, he says, simply would alert him to indicators of compromise.

“Investigating used to take days,” he adds. “Now it takes 5 minutes or less. It’s a tremendous time saver.”

RedOwl isn’t the only company operating in the space. Big data crunching companies like Palantir and Splunk SPLK help organizations dig through data and find trends that could unmask insider threats. (Just last week, Splunk bought cybersecurity startup Caspida for $190 million, giving it even better prospects in the security market.) And then there are others, such as Securonix and Gurucal, competing for a share of the pie, to name a couple.

Filippelli, who previously co-founded the data analytics firm Berico Technologies, says the bulk of RedOwl’s latest funding injection will go toward product development. “This has been a very intense year for us,” he says, mentioning that he has been pleased with several proof of concept tests of the technology. (He does not go into greater detail.) Some of the firm’s customers so far include Blackstone and risk management firm K2 Intelligence.

“Really, 2015 is fundamentally about establishing these early beachheads, to use a military term, in these large organizations,” Filippelli says. By end of year, he says he hopes to have 25 product level deployments, declining to reveal further information about customers or revenue. RedOwl will continue to focus for now on its tech, he says, primarily hiring engineers and data scientists. Since the middle of last year, the company’s headcount has doubled to 35, and he hopes to bring that number to 50 by year end.

How China’s proposed cybersecurity law could impact tech companies

When China adopted a new wide-ranging security law early this month that covers everything from politics to the environment, foreign tech companies were concerned that its broad language meant bad news for them to do business in the country.

However, a draft proposal of a new cybersecurity law (link is in Chinese) issued this week shines a bit more light on some of the ways China is looking to regulate data inside the country and influence foreign technology companies, especially Internet service providers (ISP) and hardware manufactures.

According to an International Business Times report this Wednesday on the proposed law, the draft says that ISPs and Internet companies will need to store data in China, with Reuters pointing out that this refers to data collected inside of China as opposed to company data collected from countries other than China.

This seems similar to Russia’s tough new cybersecurity law that calla for web companies to set up data centers in the country so that any personal data obtained in Russia on its citizens stays in Russia. The problem with that law, according to European market analysts, is that Russia doesn’t distinguish between personal data—like a person’s name and sex—and routine business data like how many ad clicks does a website operating in Russia receive on a typical day.

Essentially, all business data, even manufacturing and IT data, can be interpreted as personal data under the Russian law, which a European think tank studying the law said could dampen the desire of foreign companies to work in Russia.

China’s proposed law seems vague as to what exactly constitutes the type of data China wants to keep on shore, but the law is still open for modifications until August, so that issue may clear up by then.

What is different between this portion of the law and Russia’s is that China will allow outside tech companies to apply for special exemptions that could allow them to hold Chinese data outside of the country.

Internet operators in China are also subject to more scrutiny under the proposed law. They will have to aid the Chinese government when it conducts criminal investigations or issues that officials believe could compromise national security. These companies will also have to allow for annual audits to determine if there are potential security concerns for the Chinese government.

As for hardware manufacturers, it should come as no surprise that the proposed law calls for network equipment—like switches and routers—to be approved by the Chinese government before being sold domestically.

China has made public its concerns that the United State’s National Security Agency was installing so-called backdoors within Cisco’s hardware for the purpose of spying, and as a result the country has made it much more difficult for foreign hardware companies to do business inside China.

Both Cisco and Hewlett Packard have seen their sales in China suffer as the country scrutinizes imported hardware. This is why Cisco said in June that it is investing $10 billion in the country to rebuild relationships and perhaps manufacture more gear inside the country.

It’s these type of deals that Cisco CSCO and HP HPQ are doing with China that allow them to potentially grow their business while appeasing the Chinese government.

China does not seem like it’s going to reach compromises that totally satisfy every foreign tech company that wants to grow in the country, however.

China’s official Xinhua News Agency published an editorial this week scolding foreign companies, for their intransigence. In it, Xinhua claimed that the new laws are not designed to thwart foreign companies, and that China will consider “financial input from overseas and expertise in the process.”

The editorial stated that foreign companies “should first abandon their victim complex and learn to adapt to the new norms in order to continue to thrive.”

Eric Holder suggests Edward Snowden could come back to U.S.

A “possibility exists” for National Security Agency whistleblower Edward Snowden to someday leave asylum in Russia and return to the U.S., former Attorney General Eric Holder said in an interview with Yahoo News published Monday.

Snowden’s been living in Russia since 2013, when he leaked a stream of classified federal government documents that exposed surveillance activities by the NSA. His disclosures sparked heated discussions over the role of private companies in government surveillance and the scope of such surveillance.

The U.S. has revoked Snowden’s passport; Holder filed a criminal complaint against Snowden in June as well.

“We are in a different place as a result of the Snowden disclosures,” Holder said in the interview. The revelations spurred important debates and discussions, he added.

However, the chief spokeswoman for the current Attorney General, Loretta Lynch, has already shot down Holder’s suggestion that the Department of Justice could offer Snowden a pathway back to the U.S. “This is an ongoing case so I am not going to get into specific details but I can say our position regarding bringing Edward Snowden back to the United States to face charges has not changed,” the spokeswoman said in an email to Yahoo News.

Intelligence community loves its new Amazon cloud

U.S. intelligence agencies moving from legacy systems to new cloud computing infrastructure built by AmazonAMZN Web Services are pretty happy about it thus far, according to a report in NextGov.

Speaking at an AWS-sponsored conference Friday, Alex Voultepsis, chief of the National Security Agency’s Engineering and Planning Office said the new cloud is helping agencies “stuck in heritage systems” start moving to the new C2S cloud, according to the report. C2S is shorthand for the commercial cloud services contract that resulted in the new cloud which started going live last August,

The use of a single set of infrastructure improves security over using older multiple data centers, speakers said. Jason Hess, cloud security manager for the National Geospatial-Intelligence Agency, the first of 17 agencies to put an application in the new cloud, said consolidation means less complexity, which makes the infrastructure easier to protect.

Two years ago, the CIA selected AWS to build and run a special, secure cloud to be used by 17 intelligence-related agencies, in a contract valued at $600 million. That was a watershed event for Amazon, the leader in public cloud services. Many companies with regulatory and compliance concerns resist the notion of using public cloud infrastructure, in which resources are typically shared by many customers, although Amazon cordons off sections of its public cloud for use by select customers.

But, as Amazon senior vice president of web services Andy Jassy told Fortune recently, news of Amazon’s selection by the CIA gave other security-conscious companies cover to follow suit. “They would say ‘well, if the security and performance is good [enough] for the CIA, then it’s probably good enough for us,'” Jassy said.

And, the fact that AWS beat out IBMIBM despite submitting a higher bid for the work, must have been especially sweet for the company.

The use of a single set of infrastructure versus multiple older data centers actually boosts security, conference speakers said. Jason Hess, cloud security manager for the National Geospatial-Intelligence Agency, the first group to put an application in the new cloud, said consolidation means less complexity, and less complex infrastructure is easier to lock down.

Old-school IT people are often referred to as “server huggers” because they feel that if they own and control their hardware, they can protect it better than an outside provider can. That is a perception that Amazon and other cloud providers have to combat.

None of this is to say there haven’t been hiccups. Kristine Guisewite, information system security engineer at defense contractor RaytheonRTN, cited some issues with autoscaling, a feature that turns machines on and off based on demand, but she expects fixes within six months.

Subscribe to Data Sheet, Fortune’s daily newsletter on the business of technology.

Jeb Bush blasts the White House on cybersecurity

Earlier this year, President Obama called for a cybersecurity summit at Stanford University, using the occasion to push for new legislation and announce new executive orders. Presidential hopeful Rand Paul raised his profile recently by filibustering a key portion of the Patriot Act on the Senate floor. And Jeb Bush has gotten in on the act, calling out what he deems the nation’s digital defense failings in a post on the social blogging platform Medium.

Bush’s thousand word proclamation—titled “The President Must Prioritize Cybersecurity”–is mostly rhetoric. In it he praises the economic potential of the Internet and admonishes attackers that have burglarized businesses and the public sector. He lauds Estonian ingenuity and decries the leadership of the Obama administration. He blasts defense budget cuts and defends the oft-vilified snoop work of the U.S. National Security Agency.

In word, he plants his flag. And that flag bears the distinct marks of hawkish heraldry.

“We have allowed these adversaries to threaten our citizens’ inherent right to a trusted, free and open internet,” he writes, censuring the attackers that have lately targeted retailers, health care companies, federal agencies, and others. “It doesn’t have to be this way.”

Bush’s statement sets his political platform into motion on the digital front. Using the example of the bleeding edge electronic reforms of the post-Soviet state Estonia, he says, “if you rely on the internet, you need to invest in protecting it.” And he asserts of the Internet and its central role in U.S. commerce: “Something so important must be a priority for the U.S. government, and yet it is not.”

He’s not wrong. Government has the poorest record of any industry sector when it comes to fixing software vulnerabilities, according to a recent report by the application security company Veracode. It also scores the lowest in adopting commonly accepted web application security measures. In an interview with Fortune, Veracode CTO and chief information security officer Chris Wysopal said: “The government sector—it shouldn’t be a surprise—is actually the worst over all industry vertical we looked at. Worse than retail.”

Still, there’s no denying that cybersecurity has become a top priority for the Obama administration, which has presided over a nation wracked with revelations of NSA leaker Edward Snowden; beset by endless cyberattacks; and left limping after embarrassing breaches of federal data. President Obama unprecedentedly named, shamed, and sanctioned North Korea for its role in hacking Sony Pictures Entertainment at the end of last year. He also passed executive orders boosting federal power to impose economic sanctions against hackers overseas.

What use is it that President Obama issued an Executive Order or gave a thoughtful speech about cybersecurity if his own Office of Personnel Management — the human resources department of the entire US Government — failed to take basic steps to protect the sensitive personal information of millions of its employees?

Where is the accountability? What consequences will there be for political appointees or bureaucrats who failed to heed warnings and adequately protect these key databases? What will happen to Katherine Archuleta who served as the National Political Director For President Obama’s 2012 reelection campaign before assuming her role as OPM Director? What message will it send to other managers throughout the government — and private sector — if there isn’t accountability?

Bush falls just short of calling for Archuleta’s head. He stands opposed, he says, to the current leadership’s policies. Never mind that Bush supports increased cybersecurity information sharing between the corporate world and government—a position he shares with president Obama, even if the latter disagrees with the Republican-backed bill that’s now wending its away through Capitol Hill.

In general, Bush asks a lot of questions but doesn’t answer many. That’s probably because the answers are tough, technical, and to be determined. As far as a plan goes, the only concretely stated one is to increase investment and spending in cybersecurity. But one should keep in mind that it’s not necessarily more money—more defense, military, and intelligence agency spending—that will beget better cybersecurity. After all, the U.S. spends more on defense than any other country by a long shot. It’s just as important to infuse the culture with better processes and practices.

Bush also takes a moment to side with the controversial work of the NSA. “The NSA is critical to our defense against foreign cyber-threats, and yet the political class in Washington has been more interested in treating the NSA as an enemy of the state rather than its defender,” he says. “We need to preserve and enhance the capabilities of the U.S. intelligence community and law enforcement to identify, deter, and respond to cyber-attacks.”

Overall, Bush’s post sets out to differentiate his position from competitors like Democratic presidential hopeful Hillary Clinton, who, aside from being a former member of the Obama administration, has been skewered for her unsecure email practices. And his stance puts him in direct opposition to contenders such as the libertarian Kentucky senator Paul, who have come down hard on NSA spying and on military spending.

Jeb Bush’s record, of course, isn’t blemish-free. Earlier this year he accidentally exposed nearly 13,000 social security numbers when making the contents of his email archive public. (In his defense, the Florida Department of State had reportedly approved the cache for publishing.) But the point is: Poor security is endemic to the Internet. And while it may be convenient to lambast the opposition for an ever escalating spate of hacking catastrophes, cybersecurity should be a nonpartisan issue. No doubt there will be a high hurdle for any politician to convince the public that there’s a simple solution to the nation’s security woes.

Cisco Systems said it plans to invest $10 billion in China amid slumping sales there tied to an international tech trade war.

The networking giant gave few details in Wednesday’s announcement. The company only said that the money will be spent “over the next several years” and that it will be used to “support the growth of local economies and businesses.”

Under the terms of the deal, Cisco’s investment will be used to spur Chinese job growth, research and development, and contribute to China’s plans to create a booming high-tech industry.

The investment comes at a time when Cisco CSCO has seen slumping sales in China. In an earnings call in May, CEO John Chambers told analysts that its China business fell 20% in the third quarter.

The slump started soon after the U.S. government raised the alarm bells in 2012 about buying networking gear from Chinese tech giant Huawei because of security concerns. Soon after, China started voicing fears that U.S. spy agencies had installed so-called backdoors into U.S.-made networking gear.

Eventually, China removed Cisco—along with Apple AAPL, Citrix CTXS, and McAffee—from a government approved purchase list for small contracts. Sales in China for Cisco’s core products started to steadily decline.

The alleged espionage by the U.S. government has troubled Chambers. In 2014, he reportedly wrote a letter to President Obama asking him to ease back on government surveillance tactics because “these actions will undermine confidence in our industry and in the ability of technology companies to deliver products globally.”

With the new investment into China, Cisco seems to be working on rebuilding trust in the country and spur more sales of its products. By manufacturing more hardware in China and hiring more Chinese workers, the company may be able to curry favor with the Chinese government and dampen concerns about the U.S. potentially booby trapping its products.

In a statement, Cisco said Chambers, who is retiring in July, and his replacement, Chuck Robbins, met with Chinese government officials about the investment and signed a memorandum of understanding with China’s National Development and Reform Commission, a Chinese economic planning agency.

This interview encapsulates why everyone is outraged about the controversial Sunday Times’ Snowden story

In case you missed it, a front page story in the UK-based Sunday Times magazine generated a furor this weekend. It covered the purported repercussions of former NSA contractor Edward Snowden’s leaks for western intelligence agencies. The report—which relied heavily on unnamed “senior officials” and “senior government sources”—parroted a number of unsubstantiated claims, according to its critics, hammering home a single point of view: that of the British government.

Among other things, the piece alleged that China and Russia had “cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden,” and that the British spy agency MI6 had been forced “to pull agents out of live operations in hostile countries.” It also ham-handedly insinuated that Snowden had either willingly handed his trove of state secrets over to foreign governments in exchange for asylum, or had lost his documents to them through some other means, such as hacking. All of these suppositions are unproven or tenuously contended, manyhavepointedout.

To critics, it seems the Sunday Times’ journalists bought into an unsupported, one-sided narrative spun by its anonymous informants.

When an official tells the Sunday Times that “it is the case that Russians and Chinese have information,” no nod is given to the possibility that that information might be the same information to which everyone gained access following the Snowden leaks. The strange tautology is followed by another self-defeating quote, which nullifies an earlier accusation that Snowden has “blood on his hands.” To wit, that “there is no evidence of anyone being harmed.”

“This sort of credulous regurgitation of government statements is antithetical to good journalism,” derided Ryan Gallagher, a Scottish investigative security reporter, in his critical review of the piece. “The entire report is a self-negating joke,” spat Glenn Greenwald, editor of The Intercept and one of the Pulitzer prize-winning reporters who helped shepherd Snowden’s leaks to the public. Whatever happened to good old fashioned journalistic skepticism, the pair ask?

In an interview with Tom Harper, one of the controversial Snowden story’s three reporters (the other two are Richard Kerbaj and Tim Shipman), CNN reporter George Howell uses less invective to dismantle the foundations of the story’s claims. You can watch Harper’s doomed attempt to quell critics’ concerns on CNN here:

Asked how the government officials knew Snowden’s cache of documents had been compromised (again, an unproven assertion), Harper says: “I don’t know the answer to that, George. All we know is that this is, effectively, the official position of the British government.”

Howell presses on. He asks Harper to explain whether Snowden had been hacked or had willingly turned over leaked documents to the Chinese and Russian governments.”Well, again. Sorry to just repeat myself, George, but we don’t know,” Harper says. “When you’re dealing with the world of intelligence, there are so many unknowns and so many possibilities, it’s difficult to state anything with certainty.”

Howell proceeds to deflate the steadily swelling ball of hot air surrounding the story’s reportage with a question as sharp as a pinpoint: “Essentially, you’re reporting what the government is saying, but as far as the evidence to substantiate it, you’re not really able to comment or explain that at this point, right?”